Security Policy
Services in Scope
This policy takes effect on 01.01.2019.
All services and subdomains under these domains are in scope:
- *.tagnull.de
Disallowed procedures
Please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, send spam mail, or do other similarly questionable things. I also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic or try to brute-force logins.
Qualifying vulnerabilities
- Cross-site scripting
- Cross-site request forgery
- Mixed-content scripts
- Authentication or authorization flaws
- Information leaks like:
  - Passwords
  - Files that “look like they better shouldn’t be public”
- Server-side code execution bugs
Reporting
Please contact me via email with a written report of your findings. Please include all the steps that led to the exploitation of the vulnerability and also your contact details in order to be rewarded.
Rewards
As this is a privately hosted site, I won’t be able to provide you with high-value bug bounties. But we might work something out.